DETAILED ACTION

1. Claims 1-57 are presented for examination. 



Specification 

2. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. 

The following title is suggested: "Secure access to Managed Network Objects using a 
configurable platform-independent CORBA gateway". 

Response to Arguments 

3. Applicant's request for reconsideration of the finality of the rejection of the last Office 
action is persuasive and, therefore, the finality of that action is withdrawn. 



Response to Amendment 

4. Applicant's arguments with respect to claims 1-57 have been considered but are moot in 
view of the new ground(s) of rejection necessitated by Applicant's amendments to the claims, 
(i.e., Amendment to claims 1-57, paper number 7). 



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
patent by another filed in the United States before the invention by the applicant for patent, except that an
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

6. Claims 1-57 are rejected under 35 U.S.C. 102(e) as being anticipated by Barker et al.
U.S. patent number 6,363,421.

7. As per claims 1, 20 and 39, Barker teaches the following: 

a network management system comprising (e.g., a management computer is connected to 
an element management system server through a special communication link including a 
computer internet, col. 1, lines 27-30),

a network management method comprising (e.g., a method is provided for remotely 
managing a plurality of network element of a telecommunications network, col. 1, lines 24-30), 

a carrier medium comprising program instructions for network management, wherein the 
program instructions are computer-executable to perform: 

a gateway (e.g., an element management server) which is coupled to one or more
managed objects (e.g. at least one of the plurality of network elements is also coupled to the 
element management server through the computer internet, e.g., col. 1, lines 29-36) and which is 
configured to deliver events generated by the managed objects to one or more managers (e.g., the 
element management server is provided with application processor specific events and command 
acknowledgements, col. 1, lines 63-65) or to deliver requests generated by the managers to the 
one or more managed objects (e.g., the element management server is provided with application 
processor specific events and command acknowledgements, col. 1, lines 63-65); and 

a platform-independent interface to the gateway (e.g., CORBA will serve as the IPC for
functions residing on the server, thereby eliminating any platform-specific IPC from the
implementation, col. 4, lines 37-55), wherein the gateway is configurable to communicate with
the managers through the platform-independent interface to deliver the events or requests (e.g.,
the element management server is provided with application processor specific events and
command acknowledgements, col. 1, lines 63-65),

wherein the gateway is configurable to provide object-level access control between the 
managers (e.g., clients) and the managed objects (e.g., managed objects) to send the requests to 
the managed objects, delivering the event to the manager application or the request to the 
managed object if the manager access is approved (e.g., this information may be used to provide 
some level of access control in the client application (e.g. deactivating menu element 
management system for maintenance operations that are not allowed). In any case, all client 
requests are validated at the server. Each managed object class requires the session identifier as 
a parameter to each public method. The access permissions associated with the session are 
examined before authorizing client execution (e.g. remove operation). Note that there is a 
predefined "system session" with global access permissions for use by infrastructure components 
which make use of the same interface definition, col. 30, line 45 - col. 38, line 9. Note that if
more than one attribute has changed for a managed object instance, the changes will be grouped
and delivered to each registered client on a managed object instance basis, col. 23, line 55 - col.
26, line 10),

determine on a managed object level whether or not the manager application (e.g., client) 
is allowed to send a request to the managed object (e.g., method of managed object on server) as 
a function of the identity of the user (e.g., session identification) of the manager application,
whereby access for the manager application to send the request is approved or denied for said
managed object (e.g., authorizing, this information may be used to provide some level of access
control in the client application (e.g. deactivating menu element management system for
maintenance operations that are not allowed). In any case, all client requests are validated at the
server. Each managed object class requires the session identifier as a parameter to each public
method. The access permissions associated with the session are examined before authorizing
client execution (e.g. remove operation). Note that there is a predefined "system session" with
global access permissions for use by infrastructure components which make use of the same
interface definition, col. 30, line 45 - col. 38, line 9).

8. As per claims 2-4, 21-23 and 40-42, Barker teaches the following: 

the gateway is configurable to determine whether each of the managers is authorized to 
communicate with each of the managed objects (e.g., the server supports basic server 
authentication, and can be enhanced to support SSL (Secure Socket Layer) if encryption of the 
browser to server connection is required. Secure administrator administration of web server 
including administration of the client name and password for access control, col. 8, lines 31-54), 
the gateway is configurable to authenticate the managers to receive the events from or to 
send the requests to the managed objects as a function of the identity of the managed object 
objects (e.g., the server supports basic server authentication, and can be enhanced to support SSL 
(Secure Socket Layer) if encryption of the browser to server connection is required. Secure 
administrator administration of web server including administration of the client name and
password for access control, col. 8, lines 31-54), 

the gateway is configurable to authenticate the managers to receive the events or send the 
requests as a function of user IDs entered by users of the managers objects (e.g., the server 
supports basic server authentication, and can be enhanced to support SSL (Secure Socket Layer) 
if encryption of the browser to server connection is required. Secure administrator 
administration of web server including administration of the client name and password for access 
control, col. 8, lines 31-54). 

9. As per claims 5, 24 and 43, Barker teaches the following: 

the events or requests are delivered by the gateway through the platform-independent
interface according to Internet Inter-Object Protocol (IIOP) (e.g., the Orbix Naming Service
daemon provides symbolic lookup of servers on the network and is necessary to support the IIOP
protocol, col. 9, lines 15-19).

10. As per claims 6-7, 25-26 and 44-45, Barker teaches the following: 

the platform-independent interface to the gateway is expressed in an interface definition 
language (e.g., the EMAPI 55 is implemented utilizing an industry standard object management 
group interface description language (IDL), col. 39, lines 1-15, figure 15), and wherein the 
interface definition language comprises a language for defining interfaces to the managed objects 
across a plurality of platforms and across a plurality of programming languages (e.g., IDL is used 
to describe any resource or service a server component wants to expose to its clients without
regard to its implementation language or operating system, col. 39, lines 1-15, figure 15), 

the interface definition language comprises OMG IDL (e.g., object management group 
(OMG) IDL, col. 7, lines 1-30). 

11. As per claims 8-9, 27-28 and 46-47, Barker teaches the following: 

the managed objects comprise one or more objects corresponding to a telephone network 
(e.g., a management computer associated with an element management system client is 
connected to a network element and element management system client through a public 
telephone network (PSTN), col. 3, lines 47 - 54, figure 1A), 

the managed objects comprise an object corresponding to a telecommunications device 
(e.g., method for computer internet remote management of a telecommunication network 
element, title). 

12. As per claims 10-15, 29-34 and 48-53, Barker teaches the following: 

the gateway (server) is configurable to provide security audit trails (e.g., the server
retrieves the client record from local data services, col. 30, lines 44-63. Also, the event
distributor of the server, col. 11, lines 18-60, col. 33 - col. 18, line 9, col. 41, line 63 - col.
42, line 53),

the gateway (server) providing security audit trails comprises the gateway providing
access to a logging service (e.g., the server retrieves the client record from local data services,
col. 30, lines 44-63, also, the event distributor of the server, col. 11, lines 18-60, col. 33 -
col. 18, line 9, col. 41, line 63 - col. 42, line 53),

the logging service (local data services at the server) is operable to log an ID of a user
that sends each request (e.g., a client application must register with the server by providing
identification of the client host, port, client, and a password, in any case, all client requests are
validated at the server, the server retrieves the client record from local data services and returns a
session object to the client noting the client's access permissions, col. 30, lines 44-63),

the logging service (event distributor and storing of events) is operable to log an ID of the
managed object that is the source of each event or the target of each request (e.g., event
containing the managed object identifier, col. 11, lines 18 - 60, col. 33 - col. 18, line 9, col.
41, line 63 - col. 42, line 53),

the logging service (event distributor and storing of events) is operable to log a time (time
of an event) at which each event or request is generated (the time when an event is generated,
e.g., col. 11, lines 18 - 60, col. 33 - col. 18, line 9, col. 41, line 63 - col. 42, line 53, col. 31,
lines 15 - col. 43, col. 39, line 24 - col. 47, line 29, col. 23, line 55 - col. 26, line 10),

the logging service (event distributor and storing of events) is operable to log a time (time
of an event) at which each event or request is delivered (the time when an event is delivered, e.g.,
col. 11, lines 18 - 60, col. 33 - col. 18, line 9, col. 41, line 63 - col. 42, line 53, col. 31, lines
15 - col. 43, col. 39, line 24 - col. 47, line 29, col. 23, line 55 - col. 26, line 10).



13. As per claims 16-17, 35-36 and 54-55, Barker teaches the following:

the requests comprise a query for information concerning one of the managed objects
(e.g., each managed object service class must implement the managed object interface, which 
defines configuration and status services like viewconfig, used to obtain configuration 
information for all network elements, col. 40, lines 27-38), 

the requests comprise a command to set one or more parameters of one of the managed 
objects (e.g., each managed object service class must implement the managed object interface, 
which defines configuration and status services like viewconfig, used to obtain configuration 
information for all network elements, col. 40, lines 27-38), 

14. As per claims 18-19, 37-38 and 56-57, Barker teaches the following: 

the requests are converted from the interface definition language to a Portable 
Management Interface (PMI) format prior to delivery to the managed objects (e.g., SNMP 
Mediator 160 provides translation between the MIB ASN.1 format and the managed object
notation used in this architecture, figure 3), 

the requests are converted from the interface definition language to a platform-specific 
format prior to delivery to the managed objects (e.g., SNMP Mediator 160 provides translation 
between the MIB ASN.1 format and the managed object notation used in this architecture, figure
3). 

Conclusion 

15. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing
date of this final action.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Haresh Patel whose telephone number is (703) 605-5234. The 
examiner can normally be reached on Monday, Tuesday, Thursday and Friday from 10:00 am to 
8:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee, can be reached at (703) 305-8498. 

The appropriate fax phone number for the organization where this application or 
proceeding is assigned is (703) 306-5404. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 
Haresh Patel 
February 3, 2004 




JOHN FOLLANSBEE 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



